IRS published online thousands of Social Security numbers

The Internal Revenue Service mistakenly exposed as many as 2,319 Social Security numbers by posting them on the Internet, which a California-based archivist discovered last week.

The IRS has already come under scrutiny for targeting
conservative political groups more frequently for audits and
wasting
millions of dollars on luxury hotels, alcohol, parody videos and
tickets to sports games. The latest allegations against the IRS
serve as further embarrassment to an agency that has been under
fire for months.

Archivist Carl Malamud of Bulk Resource has long requested that
the IRS publicly release transaction documents of nonprofit
political groups, which are known as 527s, to allow the public to
monitor the spending of charities and other such organizations.
The tax forms that these nonprofit groups are required to file
are then added to a database, which the IRS has often sent to
Malamud for release on his website, Public.Resource.org.

But the IRS told Malamud to disregard the Form 990-Ts, which it
had including in its January release. This update contained more
than 3,000 tax returns, about 319 of which contained sensitive
data, including Social Security numbers.

Once Public.Resource.org noticed
that the files contained sensitive information on July 2, they
were immediately removed from the site and replaced with a new
version. Bulk Resource contacted senior White House officials to
notify them of the privacy violations, but the administration did
not remove the files from public view until July 3, leaving them
available for nearly a full day.

“The IRS has a policy that even in an emergency, their staff
are not allowed to use e-mail to communicate with organizations
such as ours, a policy that makes it much harder to respond to
incidents quickly,” Malamud wrote in a press release.
“The IRS has recklessly violated the privacy of Americans and
deliberately tried to keep scrutiny away from our worst
charities.”

He noted that IRS data security efforts are “unprofessional
and amateur,” and is now urging the agency to shut down
access to its 527 database to prevent the potential release of
any more private information that may be in the documents.

In a report filed to the inspector general’s office, Malamud said
that four unique IP addresses had clicked on the documents a
total of eight times, but that no privacy complaints had been
made. It remains unclear whether or not any identity thieves took
advantage of the information before it was taken off the
Internet.

“It is time now for the administration to send a tiger team
over to the I.R.S. to help fix their information management
practices,” Malamud wrote. “The I.R.S. has indulged too
often in bad Information Technology and this habit has become
ingrained in the culture and procedures of the Service. It is
time now for the I.R.S. to admit that it needs help. That is the
first step towards recovery.”

Public.Resource.org has
long worked to make nonprofit tax returns more accessible, and
launched its effort at the request of Internet activist and
computer programmer Aaron Swartz, who committed suicide in
January. But the group believes that by mistakenly releasing
Social Security numbers, the IRS has proven its unprofessional
manner and conducted a “serious violation of federal
law."